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One PIA may be prepared to cover multiple websites or applications that are functionally 
comparable as long as agency or bureau practices are substantially similar across each website 
or application. However, any use of a third-party website or application that raises distinct 
privacy risks requires a complete PIA exclusive to the specific website or application. 
Department-wide PIAs must be elevated to the OCIO for review and approval. 


SECTION 1: Specific Purpose of the Agency’s Use of the Third-Party Website or 
Application 


4,4 What is the specific purpose of the agency's use of the third-party website or 
application and how does that use fit with the agency’s broader mission? 


FeedBurner is a web feed content manager owned by Google Inc. that allows publishers 
to create custom Real Simple Syndication (RSS) feeds for use with blogs, podcasts, and 
other forms of web-based content publishing. FeedBurner takes existing content and 
publishes it in a format that allows for expanded content distribution. FeedBurner users 
can create personal profiles and distribute content such as text files and text descriptions 
of images, video and audio files via RSS feeds. User profiles may include photos, 
images, videos, lists of interests, contact information, and other information. FeedBurner 
also provides RSS analytics for the number of subscribers to a particular RSS feed, as 
opposed to pure visitor traffic, which is a more accurate representation of RSS feed use. 


The Department of the Interior uses FeedBurner to disseminate information to the public, 
enhance communication, promote public participation and collaboration, and increase 
government transparency. The primary account holder is the Department of the Interior 
Office of Communications, who will be responsible for ensuring information distributed 
through FeedBurner is appropriate and approved for public dissemination. DOI bureaus 
and offices are responsible for ensuring information distributed through FeedBurner is 
appropriate and approved for public dissemination in accordance with applicable laws, 
regulations, and DOI privacy, security and social media policies. 


1.2 Is the agency’s use of the third-party website or application consistent with all 
applicable laws, regulations, and policies? What are the legal authorities that 
authorize the use of the third-party website or application? 


Presidential Memorandum on Transparency and Open Government, January 21, 2009; 
OMB M-10-06, Open Government Directive, December 8, 2009; OMB M-10-23, 
Guidance for Agency Use of Third-Party Websites and Applications, June 25, 2010; the 
Paperwork Reduction Act, 44 U.S.C. 3501; the Clinger-Cohen Act of 1996, 40 U.S.C. 
1401; OMB Circular A-130; 210 Departmental Manual 18; 110 Departmental Manual 5. 


SECTION 2: Any PII that is Likely to Become Available to the Agency Through the 
Use of the Third-Party Website or Application 


2.1 What PII will be made available to the agency? 


If a subscriber to an RSS feed distributed through FeedBurner posts comments, 
requests information or submits feedback in response to the distributed content, their 
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2.2 


2.3 


2.4 


name, username, email address, photos, images, videos, audio, interests, content of 
messages or postings, contact information, and other personal information may become 
available to DOI. The Department does not collect or share PII from the use of 
FeedBurner, except in unusual circumstances where user interactions indicate evidence 
of criminal activity, a threat to the government, a threat to the public, or an employee 
violation of DOI policy. This information may include name, username, email address, 
photos, images, videos, audio, content of messages or postings, contact information, or 
other personal information provided by the user, and may be used to notify the 
appropriate agency officials or law enforcement organizations. 


What are the sources of the PII? 


Sources of information are RSS feed users and subscribers world-wide, including 
members of the general public and Federal employees, and may include other 
government agencies and private organizations. 


Will the PII be collected and maintained by the agency? 


DOI does not actively collect, maintain or disseminate PII from the use of FeedBurner; 
however, PII may become available to DOI through interactions with RSS feed 
subscribers. If a subscriber to an RSS feed distributed through FeedBurner posts 
comments, requests information or submits feedback in response to the distributed 
content, their name, username, email address, photos, images, videos, audio, interests, 
content of messages or postings, contact information, or other personal information may 
become available to DOI. There may be unusual circumstances where user interactions 
indicate evidence of criminal activity, a threat to the government, a threat to the public, or 
an employee violation of DOI policy. This information may include name, username, 
email address, photos, images, videos, audio, content of messages or postings, 
interests, contact information, or other personal information provided by the user, and 
may be used to notify the appropriate agency officials or law enforcement organizations. 


The use of FeedBurner is governed by Google's universal Terms of Service and Privacy 
Policy. Pursuant to the Terms of Service and Privacy Policy, information provided by 
users of a Google service, including PII, may be combined or integrated into other 
Google services. Google users can set their own privacy settings and exhibit control 
over some of the personal information tied to the user’s Google account and whom that 
information is shared with. 


Any DOI bureau or office that uses FeedBurner in a way that creates a system of 
records must complete a separate PIA for the specific use and collection of information, 
and must maintain the records in accordance with DOI-08, Social Networks system of 
records notice. DOI Privacy Act system of records notices may be viewed at 
http://www.doi.gov/ocio/privacy/DOI_notices.htm. 





Do the agency’s activities trigger the Paperwork Reduction Act (PRA) and, if so, 
how will the agency comply with the statute? 


No, DOI is not using FeedBurner to survey the public or in any manner that would trigger 
the requirements of the Paperwork Reduction Act. 
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SECTION 3: The Agency’s Intended or Expected Use of the PII 


3.1 


3.2 


Generally, how will the agency use the PII described in Section 2.0? 


The Department of the Interior uses FeedBurner to disseminate information to the public 
and enhance communication, promote public participation and collaboration, and 
increase government transparency. User interactions with DOI resulting from 
FeedBurner content distribution may include name, username, email address, photos, 
images, videos, audio, content of messages or postings, interests, contact information, 
or other personal information provided by the user. This information may be used to 
communicate with users or provide requested information. Also, there may be unusual 
cases where user interactions indicate evidence of criminal activity or a threat to the 
government, a threat to the public, or employee violation of DOI policy. This information 
may include name, username, email address, photos, images, videos, audio, content of 
messages or postings, or other personal information provided by the user and may be 
used to notify the appropriate agency officials or law enforcement organizations. 


Provide specific examples of the types of uses to which PII may be subject. 


If a subscriber to an RSS feed distributed through FeedBurner posts comments, 
requests information or submits feedback in response to the posted content, their name, 
username, email address, photos, images, videos, audio, content of messages or 
Postings, interests, contact information, or other personal information may become 
available to DOI. The Department does not collect or share PII from the use of 
FeedBurner, except in unusual circumstances where user interactions indicate evidence 
of criminal activity, a threat to the government, a threat to the public, or employee 
violation of DOI policy. This information may include name, username, email address, 
photos, images, videos, audio, content of messages or postings, interests, contact 
information, or other personal information provided by the user, and may be used to 
notify the appropriate agency officials or law enforcement organizations. 


SECTION 4: Sharing or Disclosure of PII 


4.1 


With what entities or persons inside or outside the agency will the PII be shared, 
and for what purpose will the PII be disclosed? 


FeedBurner is a web feed content manager which allows publishers to create custom 
RSS feeds for use with blogs, podcasts, and other forms of web-based content 
publishing. Millions of individuals and organizations world-wide, including Federal, 
Tribal, State and local agencies subscribe to RSS feeds and have access to RSS feed 
content and may have access to the data posted through the use of FeedBurner. DOI 
does not collect PII or share PII with these other agencies and is not responsible for how 
they may access or use data distributed via FeedBurner. However, there may be 
unusual cases where user interactions indicate evidence of criminal activity, a threat to 
the government, a threat to the public, or an employee violation of DOI policy. This 
information may include name, username, email address, photos, images, videos, audio, 
content of messages or postings, interests, contact information, or other personal 
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information provided by the user, and may be used to notify the appropriate agency 
officials or law enforcement organizations. 


4.2 What safeguards will be in place to prevent uses beyond those authorized under 
law and described in this PIA? 


Official mission related information distributed through FeedBurner by DOI is reviewed 
and approved for public dissemination prior to posting so any privacy risks for the 
unauthorized disclosure of personal data by the Department is mitigated. However, 
except for official postings, DOI does not control the content posted on FeedBurner or 
the Google privacy policy. There could potentially be millions of users who have access 
to information posted on FeedBurner, including the general public, Federal employees, 
private organizations, and Federal, State, Tribal and local agencies. 


DOI has no control over personal information provided by RSS feed users and 
subscribers in response to FeedBurner distributed content. RSS feed users and 
subscribers are responsible for using their own discretion with respect to the PII they 
provide in response to FeedBurner distributed content. 


Google is responsible for protecting its users’ privacy and the security of the data in its 
applications. Users are subject to Google's Privacy Policy and Terms of Service, and 
can control access to their own PII, generally via privacy settings, as well as user 
discretion regarding the information provided. 


SECTION 5: Maintenance and Retention of PII 


5.1 How will the agency maintain the PII, and for how long? 


Retention periods vary as records are maintained in accordance with the applicable 
records schedule for each specific type of record maintained by the Department. 
Records published through FeedBurner represent public informational releases by the 
Department, and must be assessed on a case-by-case basis depending on the 
individual/entity releasing the information and the purpose of the release. There is no 
single records schedule that covers all informational releases to the public at this time. 


Comments and input from the public must be assessed by whether they contribute to 
decisions or actions made by the government. In such cases where input from the 
public serves a supporting role, the comments must be preserved as supporting 
documentation for the decision made. Approved methods for disposition of records 
include shredding, burning, tearing, and degaussing in accordance with National 
Archives and Records Administration guidelines and 384 Departmental Manual 1. 


5.2 Was the retention period established to minimize privacy risk? 


Retention periods may vary depending on agency requirements and the subject of the 
records for the DOI bureau or office maintaining the records. In cases where data 
serves to support agency business, it must be filed with the pertinent records they 
support and follow the corresponding disposition instructions. Comments used as 
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supporting documentation will utilize the disposition instructions of the records they are 
filed with. 


SECTION 6: How the Agency will Secure PII 


6.1 


6.2 


Will privacy and security officials coordinate to develop methods of securing PII? 


Yes, Privacy and security officials work with the Office of Communications to develop 
methods for protecting individual privacy and securing PII that becomes available to 
DOI. 


How will the agency secure PII? Describe how the agency will limit access to PII, 
and what security controls are in place to protect the PII. 


DOI does not collect, maintain or disseminate PII from RSS feed users and subscribers 
of FeedBurner distributed content except in unusual cases where user interactions 
indicate evidence of criminal activity, a threat to the government, a threat to the public, or 
an employee violation of DOI policy. This information may include name, username, 
email address, photos, images, videos, audio, content of messages or postings, 
interests, contact information, or other personal information provided by the user, and 
may be used to notify the appropriate agency officials or law enforcement organizations. 
In these cases PII is secured in accordance with DOI Privacy Act regulations 43 CFR 
2.51 and applicable DOI privacy and security policies. Access to the DOI network is 
restricted to authorized users with password authentication controls, the server is 
located in secured facilities behind restrictive firewalls, and access to databases and 
files is controlled by the system administrator and restricted to authorized personnel 
based on official need to know. Other security controls include continuously monitoring 
threats, rapid response to incidents, and mandatory employee security and privacy 
training. 


SECTION 7: Identification and Mitigation of Other Privacy Risks 


71 


What other privacy risks exist, and how will the agency mitigate those risks? 


The official information distributed by DOI using FeedBurner has been reviewed and 
approved for public dissemination so any privacy risk of unauthorized disclosure of 
personal data by the Department is mitigated. 


DOI does not have any control over personal information posted by individual RSS feed 
users and subscribers of FeedBurner distributed content, including members of the 
general public and Federal employees. DOI systems do not share data with the 
FeedBurner application. 


FeedBurner is a private third party application that is independently operated by Google. 
Google controls the distribution of content submitted to FeedBurner by DOI. DOI has no 
control over personal information provided by RSS feed users and subscribers in 
response to FeedBurner distributed content. RSS feed users and subscribers are 
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7.2 


responsible for using their own discretion with respect to the PII they provide in response 
to FeedBurner distributed content. 


Google is a private third party that is independently operated and controls access to user 
data within its systems. Users control access to their own PII, generally via system 
settings. DOI has the same access as any other user dependent on individual user 
personal information disclosures and has no control over user content posted, except for 
official DOI postings. 


Does the agency provide appropriate notice to individuals informing them of 
privacy risks associated with the use of third-party website or application? 


DOl's Privacy Policy informs the public of how DOI handles personally identifiable 
information that becomes available through interaction on the DOI official website. The 
Privacy Policy also informs the public that DOI has no control over access restrictions or 
privacy procedures on third party websites, and that individuals are subject to third party 
social media website privacy and security policies. DOI’s linking policy informs the 
public that they are subject to third party privacy policies when they leave a DOI official 
website to link to third party social media web sites. 


SECTION 8: Creation or Modification of a System of Records 


8.1 


8.2 


Will the agency’s activities create or modify a “system of records” under the 
Privacy Act of 1974? 


No. DOI does not collect, maintain or disseminate PII from its use of FeedBurner. Any 
DOI bureau or office that creates a system of records from use of FeedBurner will 
complete a separate PIA for that specific use and collection of information, and must 
maintain the records in accordance with DOI-08, Social Networks system of records 


notice, which may be viewed at http://www.doi.gov/ocio/privacy/DOI_notices.htm. 
Provide the name and identifier for the Privacy Act system of records. 


DOI does not actively collect, maintain or disseminate PII obtained from the use of 
FeedBurner. Any DOI bureau or office that creates a system of records from use of 
FeedBurner will complete a separate PIA for that specific use and collection of 
information, and must maintain the records in accordance with DOI-08, Social Networks 
system of records notice which may be viewed at 
http://www.doi.gov/ocio/privacy/DOI_notices.htm. 





